Securing intellectual capital:an exploratory study in Australian universities

Purpose – To investigate the links between IC and the protection of data, information and knowledge in universities, as organizations with unique knowledge-related foci and challenges.Design/methodology/approach – We gathered insights from existing IC-related research publications to delineate key foundational aspects of IC, identify and propose links to traditional information security that impact the protection of IC. We conducted interviews with key stakeholders in Australian universities in order to validate these links.Findings – Our investigation revealed two kinds of embeddedness characterizing the organizational fabric of universities: (1) vertical and (2) horizontal, with an emphasis on the connection between these and IC-related knowledge protection within these institutions.Research implications – There is a need to acknowledge the different roles played by actors within the university, and the relevance of information security to IC-related preservation.Practical implications – Framing information security as an IC-related issue can help IT security managers communicate the need for knowledge security with executives in higher education, and secure funding to preserve and secure such IC-related knowledge, once its value is recognized.Originality/value – This is one of the first studies to explore the connections between data and information security and the three core components of IC’s knowledge security in the university context

IOT: Challenges in Information Security Training

Both consumers and businesses are rapidly adopting IoT premised on convenience and control. Industry and academic literature talk about billions of embedded IoT devices being implemented with use-cases ranging from smart speakers in the home, to autonomous trucks, and trains operating in remote industrial sites. Historically information systems supporting these disparate use-cases have been categorised as Information Technology (IT) or Operational Technology (OT), but IoT represents a fusion between these traditionally distinct information security models. This paper presents a review of IEEE and Elsevier peer reviewed papers that identifies the direction in IoT education and training around information security. It concludes that the education/training still is largely distinct and is not addressing the needs of this hybrid IT and OT model. IoT is complex as it melds embedded systems and software in support of interaction with physical systems. While literature contains implementation specific research, papers that address appropriate methodologies and content around secure design are piecemeal in nature. We conclude that in the rush to find implementation specific strategies the overarching strategy around education and training of secure IoT design is not being adequately addressed. Consequently, we propose a novel approach to how IoT education training can better incorporate the topic of secure design at a foundational level

A National Veterans Strategy: The Economic, Social and Security Imperative

This publication details the foundational logic supporting a call to action, related to a broad-based effort to articulate and institutionalize a National Veterans Strategy. We argue that coordinated, "whole-of-government" action toward this end is essential to meet the nation's most important economic, social, and security obligations. Furthermore, we contend that the second Obama administration, working in close collaboration with executive agencies, Congress, and the private sector, is well-positioned to act on what we perceive to be a historic opportunity -- capitalizing on both the foundations of veteran-focused policy and progress enacted over the past decade and the overwhelming public support for returning veterans and military families -- to craft and institutionalize a National Veterans Strategy.Our purpose is to provide a researched and logically-developed case for action that is grounded in this nation's social and cultural traditions and attuned to the practical realities of our contemporary economic and political climate

An interprofessional, intercultural, immersive short-term study abroad program: public health and service systems in rome

The purpose of this paper is to describe a short-term study abroad program that exposes engineering and nursing undergraduate students from the United States and Italy to an intercultural and interprofessional immersion experience. Faculty from Purdue University and Sapienza Università di Roma collaborated to design a technical program that demonstrates the complementary nature of engineering and public health in the service sector, with Rome as an integral component of the program. Specifically, the intersection of topics including systems, reliability, process flow, maintenance management, and public health are covered through online lectures, in-class activities and case study discussions, field experiences, and assessments. Herein, administrative issues such as student recruitment, selection, and preparation are elucidated. Additionally, the pedagogical approach used to ensure constructive alignment among the program goals, the intended learning outcomes, and the teaching and learning activities is described. Finally, examples of learning outcomes resulting from this alignment are provided

Alaska career pathways: A baseline analysis

This report details the findings from a 2013 statewide study of career pathways (CP) and programs of study (PoS) in secondary districts in Alaska. Twenty-seven of Alaska’s 54 districts provided data around the maturity of their CP/PoS, the availability of different CP/PoS, how career planning is addressed, and the availability of courses and PoS in the Health Sciences cluster. The differences between urban and rural communities are often noted in conversations around education, programming and policy in Alaska, and the data in this report reflect this established phenomenon. The contribution of this report is in helping to demystify and contextualize some of these known differences, and to make differentiated recommendations for moving forward.Acknowledgements / Executive summary / Introduction / Context for study / Method / Participation / Part I - Maturity of career pathway components / Part II - Available PoS within the career clusters / Part III Career planning / Part IV Health / Implications / Limitations / Recommendations / Conclusions / Reference

Standardizing Instructional Definition and Content Supporting Information Security Compliance Requirements

Information security (IS)-related risks affect global public and private organizations on a daily basis. These risks may be introduced through technical or human-based activities, and can include fraud, hacking, malware, insider abuse, physical loss, mobile device misconfiguration or unintended disclosure. Numerous and diverse regulatory and contractual compliance requirements have been mandated to assist organizations proactively prevent these types of risks. Two constants are noted in these requirements. The first constant is requiring organizations to disseminate security policies addressing risk management through secure behavior. The second constant is communicating policies through IS awareness, training and education (ISATE) programs. Compliance requirements direct that these policies provide instruction about making compliant and positive security decisions to reduce risk. Policy-driven and organizationally-relevant ISATE content is understood to be foundational and critical to prevent security risk. The problem identified for investigation is inconsistency of the terms awareness, training and education as found in security-related regulatory, contractual and policy compliance requirements. Organizations are mandated to manage a rapidly increasing portfolio of inconsistent ISATE compliance requirements generated from many sources. Since there is no one set of common guidance for compliance, organizations struggle to meet global, diverse and inconsistent compliance requirements. Inconsistent policy-related content and instructions, generated from differing sources, may cause incorrect security behavior that can present increased security risk. Traditionally, organizations were required to provide only internally-developed programs, with content left to business, regulatory/contractual, and cultural discretion. Updated compliance requirements now require organizations to disseminate externally-developed content in addition to internally-provided content. This real-world business requirement may cause compliance risks due to inconsistent instruction, guidance gaps and lack of organizational relevance. The problem has been experienced by industry practitioners within the last five years due to increased regulatory and contractual compliance requirements. Prior studies have not yet identified specific impacts of multiple and differing compliance requirements on organizations. The need for organizational relevance in ISATE content has been explored in literature, but the amount of organizationally-relevant content has not been examined in balance of newer compliance mandates.The goal of the research project was to develop a standard content definition and framework. Experienced practitioners responsible for ISATE content within their organizations participated in a survey to validate definitions, content, compliance and organizational relevance requirements imposed on their organizations. Fifty-five of 80 practitioners surveyed (68.75% participation rate) provided responses to one or more sections of the survey. This research is believed to be the first to suggest a standardized content definition for ISATE program activities based on literature review, assessment of existing regulatory, contractual, standard and framework definitions and information obtained from specialized practitioner survey data. It is understood to be the first effort to align and synthesize cross-industry compliance requirements, security awareness topics and organizational relevance within information security awareness program content. Findings validated that multiple and varied regulatory and contractual compliance requirements are imposed on organizations. A lower number of organizations were impacted by third party program requirements than was originally expected. Negative and positive impacts of third party compliance requirements were identified. Program titles and content definitions vary in respondent organizations and are documented in a variety of organizational methods. Respondents indicated high acceptance of a standard definition of awareness, less so for training and education. Organizationally-relevant program content is highly important and must contain traditional and contemporary topics. Results are believed to be an original contribution to information/cyber security practitioners, with findings of interest to academic researchers, standards/framework bodies, auditing/risk management practitioners and learning/development specialists